Re: [Bug-wget] Wget and Perfect Forward Secrecy

From: Tim Rühsen
Subject: Re: [Bug-wget] Wget and Perfect Forward Secrecy
Date: Fri, 16 Aug 2013 22:08:12 +0200
User-agent: KMail/4.10.5 (Linux/3.10-2-amd64; KDE/4.10.5; x86_64; ; )

On Friday, 16 August 2013, 01:21:08, Ángel González wrote:
> On 15/08/13 10:36, Tim Ruehsen wrote:
> > I just found that OpenSSL also has a cipher naming convention:
> > http://www.openssl.org/docs/apps/ciphers.html
> >
> > If Wget is compiled with OpenSSL, the user could use these.
> > If Wget is compiled with GnuTLS, the user would use GnuTLS option strings.
> >
> > Maybe a new option like --secure-options=... for expert users would be
> > better than recycling --secure-protocol.
> > wgetrc should have two settings like secureoptionsgnutls and
> > secureoptionsopenssl. For when a user changes these settings and then
> > switches between wget-gnutls and wget-openssl. E.g. I sometimes do this
> > for debugging or bug hunting or for comparing resource usage.
> >
> > Besides this 'expert' option, there should be an 'everyone's' option to
> > force/enable PFS, using --secure-protocol as I already suggested.
> >
> Looking at http://www.openssl.org/docs/apps/ciphers.html and
> http://gnutls.org/manual/html_node/Priority-Strings.html it looks like
> they are compatible.
> Is that right? That way we could use the same argument, even if some extended
> syntax is only available with one of the cipher libraries.

Hmmm, I really can't see any compatibility in the cipher naming conventions.
http://backreference.org/2009/11/18/openssl-vs-gnutls-cipher-names/
But the separator : and +/- to add/remove ciphers is the same.

Regards, Tim
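Added example, not part of the original message and not Wget code: a check that an OpenSSL-format cipher string, as discussed in the thread, enables only forward-secret suites. It uses Python's `ssl` module, which wraps OpenSSL, so GnuTLS priority strings are out of scope; the function names and the sample cipher string are assumptions made for illustration.

```python
import ssl

# Key-exchange labels that Python's ssl module reports for suites using
# ephemeral Diffie-Hellman (finite-field or elliptic-curve).
EPHEMERAL_KEA = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk"}

# Constructed sample: ephemeral key exchange only, no anonymous or
# null-encryption suites.
PFS_ONLY = "ECDHE:DHE:!aNULL:!eNULL"


def expand(cipher_string):
    """Return the suites OpenSSL enables for an OpenSSL-format cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Raises ssl.SSLError when the string selects no usable suite.
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()


def is_forward_secret(suite):
    """True when the suite's key exchange is ephemeral."""
    # OpenSSL lists TLS 1.3 suites regardless of the cipher string; they
    # report 'kx-any' and use (EC)DHE in certificate-authenticated handshakes.
    if suite["protocol"] == "TLSv1.3":
        return True
    return suite["kea"] in EPHEMERAL_KEA


def non_pfs_suites(cipher_string):
    """Names of enabled suites that do NOT provide forward secrecy."""
    return [s["name"] for s in expand(cipher_string)
            if not is_forward_secret(s)]


if __name__ == "__main__":
    # Compare the restricted string with the library's DEFAULT list.
    for label in (PFS_ONLY, "DEFAULT"):
        leftovers = non_pfs_suites(label)
        print(f"{label!r}: {len(expand(label))} suites enabled, "
              f"{len(leftovers)} without forward secrecy")
        for name in leftovers:
            print("   ", name)
```

An empty list from `non_pfs_suites()` means every suite the string enables negotiates an ephemeral key; any names it returns are the ones to exclude from the string.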